API Security

Featured image for Cloudentity now fully supports API Access Control for Kusk Gateway!

Cloudentity now fully supports API Access Control for Kusk Gateway!

At Cloudentity, we take pride in enabling an end-to-end authorization journey for our clients, including using our Authorizers with the most popular API gateways. We've been working extensively with Kubeshop to bring out-of-the-box integration for its Kusk Gateway to our platform, and we're thrilled to announce that Kusk Gateway is fully integrated into Cloudentity, with...
Read More
Featured image for Deploy Cloudentity on Google Cloud Platform

Deploy Cloudentity on Google Cloud Platform

As part of our continued support for growing API-centric organizations powered by the Google Cloud Platform (GCP), we have officially enabled deployment of the Cloudentity advanced OAuth authorization and consent management solution in GCP via Google Kubernetes Engine (GKE). Organizations utilizing GKE on GCP can now self-deploy Cloudentity using Helm Charts as the Kubernetes package...
Read More
Featured image for Globee Awards Gold Winner for API Management 2022

Globee Awards Gold Winner for API Management 2022

Cloudentity has been named a gold winner in the API Management category in the Globee Awards 2022 Information Technology World Awards. The Globee Awards recognize IT and cybersecurity vendors with advanced, ground-breaking products, solutions, and services in all areas of technology and cybersecurity. The organizers celebrate the continued innovation from the information technology industry through...
Read More
Featured image for eCBSV: new consent-based SSN verification service

eCBSV: new consent-based SSN verification service

Following worldwide trends of governments providing new and better identity and privacy services to consumers and banks, the Social Security Administration (SSA) is implementing a new fee-based Social Security number (SSN) verification service known as Electronic Consent Based Social Security Number Verification (eCBSV). This service follows worldwide privacy directives aligned with Open Banking, requiring data...
Read More
Featured image for Identity Management Day 2022: Are Your Digital Identities Secure?

Identity Management Day 2022: Are Your Digital Identities Secure?

Hosted by the Identity Defined Security Alliance and National Cybersecurity Alliance, Identity Management Day aims to provide education about the dangers of casually or improperly managing and securing digital identities, raising awareness and sharing best practices across the industry.   According to Gartner, APIs are expected to be the most frequent attack vector in 2022, and...
Read More
Featured image for Making Dynamic Authorization an Essential Pillar in Federal Government Zero Trust Architecture Strategies

Making Dynamic Authorization an Essential Pillar in Federal Government Zero Trust Architecture Strategies

Author: Brook Lovatt, Chief Product Officer of Cloudentity The government’s focus on Zero Trust has risen in the past year, as shown by the Biden Administration's May 2021 and January 2022 executive orders and the Cybersecurity and Infrastructure Security Agency’s (CISA) Zero Trust Maturity Model. CISA’s Zero Trust Maturity Model is one of many roadmaps...
Read More
Featured image for Aligning Cloudentity Components with XACML Terminology

Aligning Cloudentity Components with XACML Terminology

Cloudentity is frequently asked how our components and features align with those of the legacy XACML (eXtensible Access Control Markup Language), including Policy Administration Points (PAP), Policy Decision Points (PDP), Policy Information Points (PIP), and Policy Enforcement Points (PEP). In this article, we will describe what the Cloudentity components are and how they align with...
Read More
Featured image for Securing partner API integrations with OAuth mTLS

Securing partner API integrations with OAuth mTLS

Securing partner API integrations with OAuth mTLS API access using token-based architectures is already popular, and the authorization and governance of the minted tokens for access becomes very critical for APIs, which exposes data for partner integrations outside of the organization itself. This is exactly where we can utilize the OAuth mTLS specification along with...
Read More
Featured image for The Perimeter has Disappeared: Why Zero Trust and IAM are Essential to Secure the Modern Enterprise

The Perimeter has Disappeared: Why Zero Trust and IAM are Essential to Secure the Modern Enterprise

In the conventional, on-premises IT infrastructure, organizations worked within the boundaries of their well-defined enterprise network perimeter. In this setting, on-premises security tools like virtual private networks (VPNs) were mostly sufficient to secure users and devices within the perimeter walls. However, with the increase in remote work and cloud computing, organizations are leveraging various apps...
Read More
Featured image for Cloudentity Named Winner in the Globee Awards 18th Annual Cyber Security Global Excellence Awards

Cloudentity Named Winner in the Globee Awards 18th Annual Cyber Security Global Excellence Awards

Cloudentity Named Winner in the Globee Awards 18th Annual Cyber Security Global Excellence Awards We’re excited to share that the Globee Awards have named Cloudentity a winner in the Application Programming Interface (API) Management and Security category in the 18th Annual 2022 Cyber Security Global Excellence Awards. These prestigious global awards recognize cyber security and...
Read More
Featured image for Build a GraphQL client application to consume protected GraphQL API resources

Build a GraphQL client application to consume protected GraphQL API resources

This article is part 3 of our GraphQL application protection series. In this article, we will build a GraphQL client that is capable of invoking GraphQL API calls, obtain authorized access tokens from a Cloudentity authorization server and send the authorization token to underlying GraphQL services. Part 1: Externalized authorization for GraphQL using the Cloudentity...
Read More
Featured image for Protecting GraphQL applications through authorization and consent

Protecting GraphQL applications through authorization and consent

This article is part 2 of our GraphQL application protection series. In this article, we will build a GraphQL API server and protect its resources with externalized policies administered in the Cloudentity Authorization SaaS platform. We will also protect the GraphQL API endpoint data with a local policy enforcement/decision point for the app deployed within...
Read More